A colleague of mine was using the "modernized" service implementation I wrote about some time ago. His service needs to be notified when a user logs on/off or locks/unlocks the machine. Everything was fine for a while, until he started to complain that it worked for a while, but then, "randomly", notifications weren't triggered any longer.

Resident Embarcadero wizard of Oz, David Intersimone, has been so bold as to write about Delphi "security". You know I already wrote about the utter lack of security in Datasnap (except for relying on web server security using HTTPS), but there are some true pearls in that article.

Despite what was promised, Embarcadero wasn't able to meet the February 1st, 2015 deadline for 64-bit iOS apps. Not a surprise. Just another warning that Embarcadero is trying to do too much with too little, and that aligning someone else's deadlines and releases with your own is difficult and usually not worth the effort.

No, the title of this blog post is not a mistake. Delphi, including XE7, only implements services using NT APIs obsoleted since Windows 2000. Windows NT was EOLed in 2004, 2000 in 2010, and XP last year, yet Delphi still doesn't take advantage of the new APIs. What are the advantages? Well, using the "extended" RegisterServiceCtrlHandlerEx() and its HandlerEx() callback, services can receive additional useful notifications (control codes). The new control codes allow a service to be notified of and handle:

In the past few days, I bought a Netgear WNCE3001 wireless adapter to connect my pay TV decoder to the Internet. To configure it, you need to connect it to a PC Ethernet port, and use its configuration wizard to perform the initial configuration - which is just configuring which wireless LAN you want to connect to, and its encryption parameters. In my case, the wizard was unable to complete.

Since the introduction of Windows Vista and the new security model for applications, applications running under User Account Control (UAC) should adopt a "least privilege" model, running as an "unprivileged" user almost all the time, and requesting higher privileges only when needed, even if the user has those privileges.

Requesting higher privileges is called "elevation". A good application uses "local elevation points", meaning it elevates only when it really needs to, and then reverts to a non-elevated state afterwards. These operations are the ones identified by a little shield on the control (button, menu item, etc.) that activates them.

But how do you perform this kind of elevation? There is no simple way, say an ElevateProcess() or ElevatedThread() API. First, elevation can't be performed for a single thread. It needs to be performed at the process level, and there are good security reasons behind this choice. Second, elevating a whole process would also elevate all threads within it. Therefore, elevation requires "spawning" a new process. There are at least three different ways to perform this; in this post I'll explain what I believe is the most elegant and flexible one, albeit complex - the COM Elevation Moniker.